I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as.

I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though.

So, my question is (are):

  • how do I find out what the default user is
  • do I need to change the default user
  • if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up?


  • 103
  • 6
  • 15
    why has this question been downvoted? Yes, it's been updated as it has been answered elswhere, but I see no need to down vote? It's a perfectly good question? Perhaps our down voter would care to add a constructive comment regarding this? – Bryan Mar 24 '10 at 16:44
  • 2
    You might want to post that update as an answer, and accept it, as you are currently in the Unanswered queue. – Fahad Sadah Apr 05 '10 at 09:40
  • 11
    +1 for being told off on StackOverflow; some users seem insistent on running off new users – wruckie Jun 07 '14 at 18:35
  • Linked question does not exist any more – pal4life Aug 11 '14 at 22:28
  • The next question: what to do because its one of two users, like `root` and `www-data`. How do you give the "right" Apache group a permission to access something? –  May 12 '15 at 21:38
  • The answers to this question are, for the most part, bizarre. Most of them just give an incomplete list of common users and suggest running `ps` to find which one (or more!) of them is running anything, irrespective of whether that user actually *is* Apache. Just do the obvious thing - `apachectl -S`, as suggested in 2 answers. – EML Jan 22 '22 at 11:57

15 Answers15


ps aux | egrep '(apache|httpd)' typically will show what apache is running as.

Usually you do not need to change the default user, "nobody" or "apache" are typically fine users. As long as its not "root" ;)

edit: more accurate command for catching apache binaries too

Jasper Kennis
  • 379
  • 1
  • 3
  • 12
  • 6,760
  • 4
  • 37
  • 37
  • 61
    Yup, or it'll be www-data on Ubuntu. – gravyface Apr 19 '10 at 23:55
  • 12
    ...and Debian. :) – cubuspl42 Jan 28 '14 at 13:07
  • 14
    That command shows me a list of things, most from `apache` but 1 from `root` too. – User Mar 01 '15 at 03:40
  • lampp runs httpd as daemon user – Jekis Jul 05 '15 at 17:53
  • @GruffTech, What about Windows Server? – Pacerier Apr 15 '16 at 14:14
  • 7
    I have 3 processes (`/usr/sbin/apache2 -k start`), one's user is `root` and the other two `www-data`. Should I be concerned? – zundi Feb 22 '17 at 18:33
  • 11
    @zundi, the service starts as root in order to do things like bind to reserved ports (e.g. 80 and 443). Then it starts whatever the configured number of processes are, to do the web-server work, and any other tasks, as the defined users. That way requests are being handled by non-privileged processes. You will notice the the parent ID (PPID) is the same for all of the other processes. That idea with be the PID for that one process running as root. – Kevin Aug 15 '17 at 18:52
  • 3
    That solution is fine, just be aware that it will list also "root" and the user who running this command. To avoid this you can add " | grep -v `whoami` | grep -v root" to this command like nowthatsamatt answered below. – Tobias Gaertner Jul 16 '18 at 11:37
  • 1
    If you get a list or you have doubts better check @nowthatsamatt answer. – Leandro Bardelli Apr 29 '22 at 22:44

You can try the following command:

ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
  • 3
  • 2
  • 921
  • 1
  • 8
  • 11

Use apachectl -S, which will show something Apache user and group, something like this:

User: name="_www" id=70
Group: name="_www" id=70
  • 273
  • 3
  • 8
  • 641
  • 5
  • 3
  • 2
    Thanks, on my mac i see that apache is running as '_www'. – Mercury Oct 19 '16 at 14:01
  • 4
    This is a good answer, because it is the one command that tells you a lot more about your running web server and presents it in a comprehensive way. – kontur Sep 05 '19 at 08:08
  • Oddly, on the Mac, although it shows as '_www', you use 'www' without the underscore for various commands (notably chown). By the way, this varies according to version of MacOs/Apache/Apache package. It's '_www' on my macOs Big Sur with Apache 2.4.38 from MacPorts. It used to be 'staff' on older builds, and I think it's different if you use Homebrew. – xgretsch Oct 05 '21 at 15:51

According to the ubuntuforums.org, on Ubuntu the default user for apache2 is www-data.

Seen to be true on Ubuntu 13.10 Saucy.

From Lars Noodén on the above forum.

To be sure what [the user] is really set to, check the actual configuration files. The umbrella file, apache2.conf will have something like the following,


That is a reference to environment variables set in /etc/apache2/envvars. mod_suexec also allows scripts to be run as yet a different user and group.

To find any virtual hosts, which may use alternate users, groups, or both, check the configurations.

$ egrep "^User|^Group|^SuexecUserGroup" /etc/apache2/apache2.conf /etc/apache2/sites-available/*.conf

For Red Hat based distributions it would be (usually its user running httpd is apache):

$ egrep "^User|^Group|^SuexecUserGroup" /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf
  • 314
  • 4
  • 9

I know that this is an old post, but it is still listed as unanswered, so I will make a suggestion. If you can't find which user or group Apache is running as, perhaps try opening the httpd.conf file. There should be an entry there for "User" and "Group". Not only can you see which user Apache is supposed to be running as, but you can change it if you feel the need to do so.

  • 281
  • 1
  • 5

You can include a line of code in your PHP script:

echo exec('whoami');
  • 28,508
  • 20
  • 98
  • 148
JG Estiot
  • 119
  • 1
  • 2
  • 8
    Watch out here, this shows the user that PHP runs under, not the Apache user. If using mod_php these are the same but if, as is now very common, you're using something else (like php_fpm) they can easily be different. – benz001 Jul 31 '14 at 02:29

This code will - more or less - alphabetically list all the non-root users running processes containing apache (or whose name contains apache)

ps aux | grep -v root | grep apache | cut -d\  -f1 | sort | uniq
  • 816
  • 1
  • 11
  • 22
  • 51
  • 1
  • 1
  • 1
    The list will probably include users who are running processes like 'grep apache', such as your fine self. – mwfearnley Jul 15 '16 at 13:58
  • To find out the user, you can simply use ps aux | grep apache while it is running.
  • You don't need to, but if Apache is running as root there are security issues.
  • Thirdly, changing the user of Apache will change his rights to access some directories. You need to make sure that /var/www (or wherever you have your websites) is accessible to the new user and group.
  • On the systems I have looked at, apache was always installed using apache:apache (or similar) as user and group, so it should probably already be set like that.

NOTE: This is the same answer I gave on Stackoverflow.

  • 141
  • 2

Or you can check the apache configuration file and look for the owner & group.

  • 2,323
  • 21
  • 34

An alternative approach, at least for Debian/Ubuntu-based distros, is to use the same method Apache does to set its user and group: source /etc/apache2/envvars!

$ echo "$(source /etc/apache2/envvars && echo "$APACHE_RUN_GROUP")"

If you want to get fancy, you can suppress errors if the file is not found, and provide a default value:

$ apacheuser=$(
     source /fail/etc/apache2/envvars 2>/dev/null &&
     echo "$APACHE_RUN_GROUP" ||
     echo nobody  
$ echo "$apacheuser"
  • 1,593
  • 12
  • 11

As suggested by Noyo here:

APACHE_USER=$(ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {if ($1) print $1}')

And then:

  • 6,499
  • 2
  • 46
  • 54

I found most of the solutions offered here are system- or configuration- specific (in particular, most of the solutions do not work at all on MacOS) and a few rely on the user knowing where Apache's configuration files are in the first place...

So I cheat a bit and let Apache itself tell me what's what.

The simple command apachectl -S will tell you what you need to know about a running instance of Apache, and its results can be parsed fairly easily. Here's my solution, which I use at the top of a few bash scripts to determine a variety of things I might need at any given time...

# Store the results so we don't have to keep calling apachetl...
astatus=`apachectl -S`

# Now grab whatever you want from the result... 
HTTPD_ROOT_DIR=$(expr "`echo "$astatus" | grep ServerRoot`" : ".*\"\(.*\)\".*")
HTTPD_DOC_DIR=$(expr "`echo "$astatus" | grep \"Main DocumentRoot\" `" : ".*\"\(.*\)\".*")
HTTPD_USER=$(expr "`echo "$astatus" | grep \"User:.*name=\" `" : ".*\"\(.*\)\".*")
HTTPD_GROUP=$(expr "`echo "$astatus" | grep \"Group:.*name=\" `" : ".*\"\(.*\)\".*")

These values can then be used as such:

echo $HTTPD_ROOT_DIR // /etc/httpd
echo $HTTPD_DOC_DIR  // /var/www
echo $HTTPD_USER     // www-data
echo $HTTPD_GROUP    // www-data
Paul Gregory
  • 103
  • 4
Mike Fahy
  • 121
  • 3
  • You can use the operator `<<<` to pass a string as stdin to a process: `grep b <<<$'a\nb\nc\n'` – ceving Jan 21 '20 at 14:33

Use lsof and pass the port apache is listen to as an argument. See the USER column for the user appache is running as.

# lsof -i :80
httpd     21058   root    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
httpd     21111 www-data    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
httpd     24915 www-data    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
David Okwii
  • 324
  • 1
  • 5
  • 13

I found this command in CakePHP docs.

HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`

Now HTTPDUSER holds the username of the user who runs the server, echo $HTTPDUSER in my case outputs www-data –using rlerdorf/php7dev.

Nabil Kadimi
  • 101
  • 2

This is what I use right now:

apachectl -t -D DUMP_RUN_CFG 2>/dev/null |
sed -n '/^User/s/.*name="\([^"]*\)".*/\1/p'
  • 534
  • 4
  • 26